Just looking to see what has changed from 186 to 194 that stops flash based chats from connecting. When using 186 connection was fine. As soon as updated to 194 same chat gets a flash policy error even though flash policy is running. only thing to change was updating to the new flash player version. This is effecting both microsoft edge/ie and firefox. Not effecting google chrome as of yet as they haven't updated to the new version.

Im currently on Windows 10, but it happens on any OS i believe as we have had reports of issues on mac aswell. This happens on any type of web based flash chat. lightIRC is one of the ones I use that is having the issue: you can test with:ChainScriptz

All three of these use different flash compenents to their chat so it is a wide spread issue with connect to chat networks using flash. All of them use so variation of an irc chat backend ( hence the flashpolicy being need )

This issue is affecting hundred's of our users and we have verified the issue is impacting many other websites that use Flash Based Socket to connect to IRC. Hopefully a fix can be found very soon. We can offer any information you require to speed up this process.

Sorry for the inconvenience. Flash Player has historically blocked communication on a number of ports. As Flash and the Internet continue to grow and mature, it's important that Flash behaves as a responsible citizen in regard to the larger ecosystem. In many instances, this means ensuring that Flash Player conforms to limit its capabilities to match those available through HTML and JavaScript. These changes bring Flash Player in line with the latest thinking about what ports should be restricted.

While updates to the official documentation are forthcoming, I can confirm that we've expanded the list of blocked ports. Here's the current list:

Unfortunately, one of the side effects of this change is that a few of these ports are in the range of ports informally used by IRC servers when an IRC daemon is not run with administrative privileges, or many IRC instances are served from a single IP. In this instance, our recommendation would be to proxy traffic on affected ports in this range to different ports, in order to make them available to a Flash-based IRC client.

The message about installing a policy daemon is generated by the content, and is incorrect. In this instance, you're encountering the error because you're attempting to connect to a port that's blocked, and it fails.

Then think about what port you would like to use and put that port in a listen block in your Unrealircd.conf and in Lightirc in config.js put that same IP in params.port = "ooooo"; replace the zeros. When you finished then /rehash you unreal server. and also after the changes you made in restart the flashpollicy. Good luck and get it up and running again>

Could you please explain why you make such a major restriction out of the blue? Are you aware that this foredooms all Flash-based IRC clients in the whole Internet? 6667 is the de-facto standard port for IRC daemons and it's in use for decades already.

Though, the fact that you blocked 6665-6669 is a clear indicator that you explicitely wanted to prohibit IRC connections. I think the policy server restrictions were already tight enough to prevent abuse. This kind of full dismissal will affect thousands of webmasters and hundreds of thousands users, which were quite happy with their Flash-based IRC clients. Until now.

Please consider a relaxation of the amount of blocked ports as this restriction has unreasonably heavy impacts compared to the small "security" improvements it will bring.

In any case, we would appreciate if you could shed some light on your motivation to block IRC connections in Flash Player.

Would really like to see a "real" answer to your question as well. I just didn't realize that Adobe felt the need to be a follower, instead of a leader. I for one can see no good, that came out of this move to "block" ports. A port is a port is a port.

If they actually wanted to do something, to be a good net citizen (whatever that really is), they should get back into the fight, and start making AS3 dominant again.

It sounds like there's probably more than one port in play. Since * allows everything, it works. Specifying the single port is too tight, because there's traffic on a different port that also fails.

You could look with a packet sniffer like Wireshark to see what ports are actually being used, but it's a little bit of a research project. Taking a more surgical approach when opening ports is better, simply because you're limiting your attack surface, but * will definitely get it done.

The socket policy file tells Flash Player what ports it's allowed to communicate on. The value foo in to-ports="foo" is the list of ports you want to allow. If you've modified your instance to use 6670 instead of 6667 as an example, then you would want to specify:

i also agree with you that is really a big question mark why the people of Adobe have blocked the "6667" port as it is the standard irc port for ages. Good of you too to put this on your own website of lightIRC with the link to this thread where people can read all the info they need. I just added some more info to this thread as an reply to "Herman" which may/could be helpfull to other admins of their (Unreal)IRCd server.